Description

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.

Remediation

References

CVE-2007-0106

Related Vulnerabilities

WordPress Plugin SupportFlow Multiple Cross-Site Scripting Vulnerabilities (0.6)

WordPress Plugin Custom Post Types and Custom Fields creator-WCK Multiple Unspecified Vulnerabilities (1.2.9)

Joomla Cryptographic Issues Vulnerability (CVE-2011-4321)

MySQL CVE-2013-0386 Vulnerability (CVE-2013-0386)

Joomla! Core Security Bypass (2.5.0 - 3.8.7)

Severity

Medium

Classification

CVE-2007-0106

Tags

Missing Update Known Vulnerabilities